ETSITS 131 103v5.i3.i ( 2oo7. 



06) 



Technical Specification 



Digital cellular telecommunications system (Phase 2+); 

Universal Mobile Telecommunications System (UMTS); 

Characteristics of the IP Multimedia Services 

Identity Module (ISIM) application 

(3GPP TS 31.103 version 5.13.1 Release 5) 



•25$ 



ES 




® 



GLOBAL SYSTEM FOR 
MOBILE COMMUNICATIONS 





3GPP TS 31.103 version 5.13.1 Release 5 1 ETSI TS 131 103 V5.13.1 (2007-06) 



Reference 



RTS/TSGC-0631103v5d1 
Keywords 



GSM, UMTS 



ETSI 

650 Route des Lucioles 
F-06921 Sophia Antipolis Cedex - FRANCE 

Tel. : +33 4 92 94 42 00 Fax: +33 4 93 65 47 1 6 

Siret N ° 348 623 562 0001 7 - NAF 742 C 
Association a but non lucratif enregistree a la 
Sous-Prefecture de Grasse (06) N° 7803/88 



Important notice 



Individual copies of the present document can be downloaded from: 
http://www.etsi.org 

The present document may be made available in more than one electronic version or in print. In any case of existing or 

perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). 

In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive 

within ETSI Secretariat. 

Users of the present document should be aware that the document may be subject to revision or change of status. 

Information on the current status of this and other ETSI documents is available at 

http://portal.etsi.org/tb/status/status.asp 

If you find errors in the present document, please send your comment to one of the following services: 

http://portal.etsi.org/chaircor/ETSI support.asp 

Copyright Notification 

No part may be reproduced except as authorized by written permission. 
The copyright and the foregoing restriction extend to reproduction in all media. 

© European Telecommunications Standards Institute 2007. 
All rights reserved. 

DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members. 
TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. 



ETSI 



3GPP TS 31.103 version 5.13.1 Release 5 2 ETSI TS 131 103 V5.13.1 (2007-06) 



Intellectual Property Rights 



IPRs essential or potentially essential to the present document may have been declared to ETSI. The information 
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
server ( http://webapp.etsi.org/IPR/home.asp ). 

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee 
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web 
server) which are, or may be, or may become, essential to the present document. 



Foreword 

This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). 

The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or 
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Foreword 



id , 



This Technical Specification (TS) has been produced by the 3 Generation Partnership Project (3GPP). 

The contents of the present document are subject to continuing work within the TSG and may change following formal 
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an 
identifying change of release date and an increase in version number as follows: 

Version x.y.z 

where: 

x the first digit: 

1 presented to TSG for information; 

2 presented to TSG for approval; 

3 or greater indicates TSG approved document under change control. 

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, 
updates, etc. 

z the third digit is incremented when editorial only changes have been incorporated in the document. 

Introduction 

The present document defines the IM Services Identity Module (ISIM) application. 
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1 Scope 

The present document defines the ISIM application for access to IMS services. 
The present document specifies: 

specific command parameters; 

file structures; 

contents of EFs (Elementary Files); 

security functions; 

application protocol to be used on the interface between UICC (ISIM) and Terminal. 

This is to ensure interoperability between an ISIM and Terminal independently of the respective manufacturer, card 
issuer or operator. 

The present document does not define any aspects related to the administrative management phase of the ISIM. Any 
internal technical realisation of either the ISIM or the Terminal is only specified where these are reflected over the 
interface. The present document does not specify any of the security algorithms that may be used. 

2 References 

The following documents contain provisions that, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including 
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same 
Release as the present document. 

[1] 3GPP TS 21.1 1 1: "USIM and IC Card Requirements". 

[2] 3GPP TS 31.102: "Characteristics of the USIM Application". 

[3] 3GPP TS 31.101: "UICC -Terminal Interface, Physical and Logical Characteristics". 

[4] 3GPP TS 33.102: "3G Security; Security Architecture". 

[5] 3GPP TS 33.103: "3G Security; Integration Guidelines". 

[6] ISO/IEC 7816-4: "Identification cards - Integrated circuit cards ,Part 4: Organization, security and 

commands for interchange". 

[7] Void 

[8] ITU-T Recommendation T.50: "International Reference Alphabet (IRA) (Formerly International 

Alphabet No. 5 or IA5) - Information technology - 7-bit coded character set for information 
interchange 

[8a] ISO 646 (1983): "Information processing - ISO 7-bits coded characters set for information 

interchange". 

[9] 3GPP TS 23.003: "Numbering, Addressing and Identification". 

[10] Void 
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[11] Void 

[12] 3GPP TS 25.101: "UE Radio Transmission and Reception (FDD)". 

[13] 3GPP TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2". 

[14] 3GPP TS 33.203: "3G security; Access security for IP-based services". 

[15] 3GPP TS 24.228: "Signalling flows for the IP multimedia call control based on SIP and SDP; 

Stage 3". 

[16] IETF RFC 3261: "SIP: Session Initiation Protocol". 

[17] 3GPP TS 23.038: "Alphabets and language-specific information". 

[18] ISO 639 (1988): "Code for the representation of names of languages". 

[19] 3GPPTS51.011 Release4: "Specification of the Subscriber Identity Module - Mobile Equipment 

(SIM-ME) interface". 

[20] ISO/IEC 8825(1990): "Information technology - Open Systems Interconnection - Specification of 

Basic Encoding Rules for Abstract Syntax Notation One (ASN.l)" Second Edition. 

[21] 3GPP TS 22.101: "Service aspects; Service principles". 

[22] ETSI TS 102 223 Release 5: "Smart cards; Card Application Toolkit (CAT)". 

[23] ETSI TS 101 220: "Smart cards; ETSI numbering system for telecommunication application 

providers". 

[24] IETF RFC 2486: "The Network Access Identifier" . 

[25] IETF RFC 3629 (2003): "UTF-8, a transformation format of ISO 10646". 

3 Definitions, symbols, abbreviations and coding 

conventions 

3.1 Definitions 

For the purposes of the present document, the following terms and definitions apply: 

ISIM: application residing on the UICC, an IC card specified in TS 31.101 [3] 

In particular, TS 31.101 [3] specifies the application independent properties of the UlCC/terminal interface such as the 

physical characteristics and the logical structure 

The AID of ISIM is defined in ETSI TS 101 220 [23] and is stored in EF DIR . 

ADM: access condition to an EF which is under the control of the authority which creates this file 

3.2 Symbols 

For the purposes of the present document, the following symbols apply: 

II Concatenation 

© Exclusive or 

f 1 Message authentication function used to compute MAC 

f 1 * A message authentication code (MAC) function with the property that no valuable information can 

be inferred from the function values of fl * about those of fl, ... , f5 and vice versa 

f2 Message authentication function used to compute RES and XRES 

f3 Key generating function used to compute CK 

f4 Key generating function used to compute IK 
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f5 



Key generating function used to compute AK 



3.3 



Abbreviations 



For the purposes of the present document, the following abbreviations apply: 

3GPP 3 r Generation Partnership Project 

AC Access Condition 

ADF Application Dedicated File 

AID Application IDentifier 

AK Anonymity Key 

AKA Authentication and Key Agreement 

ALW ALWays 

AMF Authentication Management Field 

ASN. 1 Abstract Syntax Notation One 

AuC Authentication Centre 

AUTN Authentication TokeN 

BER-TLV Basic Encoding Rule - TLV 

CK Cipher Key 

DF Dedicated File 

EF Elementary File 

FFS For Further Study 

FQDN Fully Qualified Domain Name 

HE Home Environment 

HN Home Network 

ICC Integrated Circuit Card 

ID IDentifier 

IK Integrity Key 

IM IP Multimedia 

IMPI IM Private Identity 

IMPU IM PUblic identity 

IMS IP Multimedia Subsystem 

ISIM IM Services Identity Module 

K long-term secret Key shared between the ISIM and the AuC 

KSI Key Set Identifier 

LI Language Indication 

LSB Least Significant Bit 

MAC Message Authentication Code 

MF Master File 

MSB Most Significant Bit 

NAI Network Access Identifier 

NEV NEVer 

PIN Personal Identification Number 

PL Preferred Languages 

PS_DO PIN Status Data Object 

RAND RANDom challenge 

RES user RESponse 

RFU Reserved for Future Use 

RST ReSeT 

SDP Session Description Protocol 

SFI Short EF Identifier 

SIP Session Initiation Protocol 

SQN SeQuence Number 

SW Status Word 

TLV Tag Length Value 

UE User Equipment 

XRES eXpected user RESponse 
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3.4 Coding Conventions 

The following coding conventions apply to the present document. 

All lengths are presented in bytes, unless otherwise stated. Each byte is represented by bits b8 to bl, where b8 is the 
most significant bit (MSB) and bl is the least significant bit (LSB). In each representation, the leftmost bit is the MSB. 

The coding of Data Objects in the present document is according to TS 31.101 [3], 

'XX': Single quotes indicate hexadecimal values. Valid elements for hexadecimal values are the numbers 

'0' to '9' and 'A' to 'F'. 



4 Files 

This clause specifies the EFs for the IMS session defining access conditions, data items and coding. A data item is a 
part of an EF which represents a complete logical entity. 

EFs or data items having an unassigned value, or, which during the IMS session, are cleared by the Terminal, shall have 
their bytes set to 'FF. After the administrative phase all data items shall have a defined value or have their bytes set to 
FF'. If a data item is 'deleted' during a IMS session by the allocation of a value specified in another 3G TS, then this 
value shall be used and the data item is not unassigned. 

EFs are mandatory (M) or optional (O). The file size of an optional EF may be zero. All implemented EFs with a file 
size greater than zero shall contain all mandatory data items. Optional data items may either be filled with F', or, if 
located at the end of an EF, need not exist. 

When the coding is according to ITU-T Recommendation T.50 [8], bit 8 of every byte shall be set to 0. 

For an overview containing all files see figure 4.1. 

4.1 Contents of the EFs at the MF level 

There are four EFs at the Master File (MF) level. These EFs are specified in TS 31.101 [3]. 
The file EF ARR is mandatory for the ISIM. 

4.2 Contents of files at the ISIM ADF (Application DF) level 

The EFs in the ISIM ADF contain service and network related information and are required for UE to operate in an IP 
Multimedia Subsystem. 

The File IDs '6F1X' (for EFs), '5F1X' and '5F2X' (for DFs) with X ranging from '0' to 'F' are reserved under the ISIM 
ADF for administrative use by the card issuer. 
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4.2.1 



Void 



4.2.2 EFimpi (IMS private user identity) 

This EF contains the private user identity of the user. 



Identifier: '6F02' 




Structure 


transparent Mandatory 


SFI: '02' 




File size: X bytes 


Update activity: low 


Access Conditions: 
READ 
UPDATE 
DEACTIVATE 
ACTIVATE 




PIN 
ADM 
ADM 
ADM 




Bytes 


Description 


M/O 


Length 


1 toX 


NAI TLV data object 


M 


X bytes 



- NAI 

Contents: 

Private user identity of the user. 

Coding: 

For contents and syntax of NAI TLV data object values see IETF RFC 2486 [24]. The NAI shall be encoded 
to an octet string according to UTF-8 encoding rules as specified in IETF RFC 3629 [25]. The tag value of 
the NAI TLV data object shall be '80'. 

4.2.3 EFdqmain (Home Network Domain Name) 

This EF contains the home operator's network domain name. 



Identifier: '6F03' 


Structure: transparent 


Mandatory 


SFI: '05' 




File size: X bytes 


Update activity: low 


Access Conditions: 

READ PIN 
UPDATE ADM 
DEACTIVATE ADM 
ACTIVATE ADM 


Bytes 


Description 


M/O 


Length 


1 toX 


Home Network Domain Name TLV data object 


M 


X bytes 



URI 

Contents: 

Home Network Domain Name. 

Coding: 

For contents and syntax of Home Network Domain Name TLV data object values see TS 23.003 [9]. The 
Home Network Domain Name, i.e. FQDN shall be encoded to an octet string according to UTF-8 encoding 
rules as specified in IETF RFC 3629 [25]. The tag value of the Home Network Domain Name TLV data 
object shall be '80'. 
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4.2.4 EFimpu (IMS public user identity) 



This EF contains one or more records, with each record able to hold a public SIP Identity (SIP URI) of the user. The 
first (or only) record in the EF shall be used as the default SIP Identity in case that no record is explicitly selected either 
in the current session or as a carryover from a prior session. 



Identifier: '6F04' 






Structure: 


linear fixed Mandatory 


SFI: '04' 




Record length: X 


bytes 






Update activity: low 


Access Conditions: 
READ 
UPDATE 
DEACTIVATE 
ACTIVATE 






PIN 
ADM 
ADM 
ADM 




Bytes 


Description 


M/O 


Length 


1 toX 


URI TLV data object 


M 


X bytes 



- URI 

Contents: 

SIP URI by which other parties know the subscriber. 

Coding: 

For contents and syntax of URI TLV data object values see IETF RFC 3261 [16]. The URI shall be encoded 
to an octet string according to UTF-8 encoding rules as specified in IETF RFC 3629 [25]. The tag value of 
the URI TLV data object shall be '80'. 

4.2.5 EF AD (Administrative Data) 

This EF contains information concerning the mode of operation according to the type of ISIM, such as normal (to be 
used by IMS subscribers for IMS operations), type approval (to allow specific use of the Terminal during type approval 
procedures of e.g. the network equipment), manufacturer specific (to allow the Terminal manufacturer to perform 
specific proprietary auto-test in its Terminal during e.g. maintenance phases). 

It also provides an indication of whether some Terminal features should be activated during normal operation. 



Identifier: '6FAD' | 


Structure 


transparent | 


Mandatory 


SFI: '03' 




File size: 3+X bytes 




Update activity 


low 


Access Conditions: 
READ 
UPDATE 
DEACTIVATE 
ACTIVATE 


ALW 
ADM 
ADM 
ADM 






Bytes 


Description 


M/O 


Length 


1 


UE operation mode 


M 


1 byte 


2 to 3 


Additional information 


M 


2 bytes 


4 to 3+X 


RFU 


O 


X bytes 



UE operation mode: 
Contents: 

mode of operation for the UE 
Coding: 

Initial value 
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- '00' normal operation. 

'80' type approval operations. 
'01' normal operation + specific facilities. 
'81' type approval operations + specific facilities. 
'02' maintenance (off line). 
Additional information: 
Coding: 

specific facilities (if bl=l in byte 1); 

Bytes 2 and 3 (first byte of additional information): 



b8 



b7 



b6 



b5 



b4 



b3 



:c2 



bl 



RFU (see TS 31.101) 



4.2.6 EF A rr (Access Rule Reference) 



This EF contains the access rules for files located under the ISIM ADF in the UICC. If the security attribute tag '8B' is 
indicated in the FCP it contains a reference to a record in this file. 

Structure of EF A rr at ADF-level 



Identifier: '6F06' 


| 


Structure: 


Linear fixed | Mandatory 


SFI: '06' 




Record Length: 


X bytes 




Update activity: low 


Access Conditions: 
READ 
UPDATE 
DEACTIVATE 
ACTIVATE 




ALW 
ADM 
ADM 
ADM 




Bytes 


Description 


M/O 


Length 


1 toX 


Access Rule TLV data objects 


M 


X bytes 



This EF contains one or more records containing access rule information according to the reference to expanded format 
as defined in ISO/IEC 7816-4 [6]. Each record represents an access rule. Unused bytes in the record are set to FF'. 

If the card cannot access EF ARR , any attempt to access a file with access rules indicated in this EF ARR shall not be 
granted. 



4.3 



ISIM file structure 



This subclause contains a figure depicting the file structure of the ADF IS im- ADF IS im shall be selected using the AID and 
information in EF DIR . 
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ADF,. 



EF AD 
'6FAD' 



EF IMPI 
'6F02' 



EF D0 MAIN 

'6F03' 



EF IMPU 
'6F04' 



EFarr 

'6F06' 



Figure 1 : File identifiers and directory structures of ISIM 



Application protocol 



When involved in administrative management operations, the ISIM interfaces with appropriate equipment. These 
operations are outside the scope of the present document. 

When involved in IMS operations, the ISIM interfaces with a Terminal, with which messages are exchanged. A 
message can be a command or a response. 

An ISIM Application command/response pair is a sequence consisting of a command and the associated 
response. 

An ISIM Application procedure consists of one or more ISIM Application command/response pairs, which are 
used to perform all, or part of an application-oriented task. A procedure shall be considered as a whole that is to 
say that the corresponding task is achieved if and only if the procedure is completed. The Terminal shall ensure 
that, when operated according to the manufacturer's manual, any unspecified interruption of the sequence of 
command/response pairs, which realise the procedure, leads to the abortion of the procedure itself. 

An ISIM session is the interval of time starting at the completion of the ISIM initialisation procedure and ending 
either with the start of the ISIM session termination procedure, or at the first instant the link between the UICC 
and the Terminal is interrupted. 

During the IMS operation phase, the Terminal plays the role of the master and the ISIM plays the role of the slave. 

The ISIM shall execute all commands and procedures in such a way as not to jeopardise, or cause suspension, of service 
provisioning to the user. This could occur if, for example, execution of the AUTHENTICATE is delayed in such a way 
which would result in the IMS denying or suspending service to the user. 

The procedures listed in subclause "ISIM management procedures" are required for execution of the procedures in the 
subsequent subclause "ISIM security related procedures". The procedures listed in subclause "ISIM security related 
procedures" are mandatory. 



5.1 ISIM management procedures 



5.1.1 



Initialisation 



5.1.1.1 



ISIM application selection 



If the Terminal wants to engage in IMS operation, then after UICC activation (see TS 31.101 [3]), the Terminal shall 
select an ISIM application, if an ISIM application is listed in the EF DIR file, using the SELECT by DF name as defined 
inTS 31.101 [3]. 

After a successful ISIM application selection, the selected ISIM (AID) is stored on the UICC. This application is 
referred to as the last selected ISIM application. The last selected ISIM application shall be available on the UICC after 
a deactivation followed by an activation of the UICC. 
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If a ISIM application is selected using partial DF name, the partial DF name supplied in the command shall uniquely 
identify a ISIM application. Furthermore if a ISIM application is selected using a partial DF name as specified in TS 
31.101 [3] indicating in the SELECT command the last occurrence the UICC shall select the ISIM application stored as 
the last ISIM application. If, in the SELECT command, the options first, next/previous are indicated, they have no 
meaning if an application has not been previously selected in the same session and shall return an appropriate error 
code. 

5.1.1.2 ISIM initialisation 

The ISIM shall not indicate any language preference. It shall use the language indicated by any other application 
currently active on the UICC or by default, choose a language from EF PL at the MF level according the procedure 
defined in TS 31.101 [3]. 

If the terminal does not support the languages of EF PL , then the terminal shall use its own internal default selection. 

The Terminal then runs the user verification procedure. If the procedure is not performed successfully, the ISIM 
initialisation stops. 

Then the Terminal performs the administrative information request. 

If all these procedures have been performed successfully then the ISIM session shall start. In all other cases the ISIM 
session shall not start. 

After the previous procedures have been completed successfully, the Terminal runs the following procedures: 

IMPI request. 

- IMPU request. 

SIP Domain request. 

After the ISIM initialisation has been completed successfully, the Terminal is ready for an ISIM session and shall 
indicate this to the ISIM by sending a particular STATUS command. 

5.1 .2 ISIM Session termination 

NOTE 1: This procedure is not to be confused with the deactivation procedure in TS 31.101 [3]. 

The ISIM session is terminated by the Terminal as follows. 

The Terminal shall indicate to the ISIM by sending a particular STATUS command that the termination procedure is 
starting. 

Finally, the ME deletes all these subscriber related information elements from its memory. 

NOTE 2: If the Terminal has already updated any of the subscriber related information during the ISIM session, 
and the value has not changed until ISIM session termination, the Terminal may omit the respective 
update procedure. 

To actually terminate the session, the Terminal shall then use one of the mechanisms described in TS 31.101 [3]. 

5.1 .3 ISIM application closure 

After termination of the ISIM session as defined in subclause 5.1.2, the ISIM application may be closed by closing the 
logical channels that are used to communicate with this particular ISIM application. 



5.1 .4 UICC presence detection 



The Terminal checks for the presence of the UICC according to TS 31.101 [3] within all 30 s periods of inactivity on 
the UICC-Terminal interface during a IMS session. If the presence detection according to TS 31.101 [3] fails the 
session shall be terminated as soon as possible but at least within 5s after the presence detection has failed. 
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5.1 .5 Administrative information request 

The Terminal performs the reading procedure with EF AD . 

5.2 ISIM security related procedures 

5.2.1 Authentication procedure 

The Terminal selects an ISIM application and uses the AUTHENTICATE command (see subclause 7.1). The response 
is sent to the Terminal(in case of the T=0 protocol when requested by a subsequent GET RESPONSE command). 

5.2.2 IMPI request 

The Terminal performs the reading procedure with EF IM pi. 

5.2.3 IMPU request 

The Terminal performs the reading procedure with EF IM pu. 

5.2.4 SIP Domain request 

The Terminal performs the reading procedure with EF DO main- 

5.2.5 Void 



6 Security features 

The security aspects of IMS are specified in TS 33.203 [14]. This clause gives information related to security features 
supported by the ISIM to enable the following: 

authentication of the ISIM to the network; 

authentication of the network to the ISIM; 

authentication of the user to the ISIM. 

6.1 User verification and file access conditions 

The ISIM application uses 2 PINs for user verification, PIN and PIN2. PIN2 is used only in the ADF. The PIN and 
PIN2 are mapped into key references as defined in TS 31.101 [3]. Each key reference is associated with a usage 
qualifier as defined in ISO/IEC7816-9 [10]. The PIN status is indicated in the PS_DO, which is part of the FCP 
response when an ADF/DF is selected. The coding of the PS_DO is defined in TS 31.101 [3]. 

PIN and PIN2 are coded on 8 bytes. Only (decimal) digits (0-9) shall be used, coded in CCITT T.50 [8] with bit 8 set to 
zero. The minimum number of digits is 4. If the number of digits presented by the user is less than 8 then the Terminal 
shall pad the presented PIN with 'FF' before sending it to the ISIM. 

The coding of the UNBLOCK PINs is identical to the coding of the PINs. However, the number of (decimal) digits is 
always 8. 

The security architecture as defined in TS 31.101 [3] applies to the ISIM and UICC with the following definitions and 
additions: 

The ISIM application shall use a global key referenceas PIN1 as specified in TS 31.101 [3]. 

For access to DFTelecom the PIN shall be verified. 



ETSI 



3GPP TS 31.103 version 5.13.1 Release 5 16 ETSI TS 131 103 V5.13.1 (2007-06) 

The only valid usage qualifier is '08' which means user authentication knowledge based (PIN) as defined in 
ISO/IEC 7816-4 [6], The terminal shall support the multi-application capabilities as defined in TS 31.101 [3]. 

Every file in the ISIM application shall have a reference to an access rule stored in EF ARR . 

The ISIM shall reside on a multi-verification/application capable UICC (from the security context point of view) 
and this UICC shall support the referenced format using SEID as defined in TS 31.101 [3]. 

The UICC on which the ISIM resides shall support the replacement of an ISIM application PIN with the 
Universal PIN as defined in TS 31.101 [3]. Only the Universal PIN is allowed as a replacement. 

The security architecture as defined in TS 31.101 [3] applies to the terminal supporting ISIM application with the 
following definitions and requirements: 

A terminal shall support the use of level 1 user verification requirement as defined in TS 31.101 [3]. 

A terminal shall support the replacement of an ISIM application PIN with the Universal PIN, as defined in 

TS 31.101 [3]. 

A terminal shall support the security attributes defined using tag's '8C, AB' and '8B' as defined in TS 31.101 [3]. 
In addition both the referencing methods indicated by tag '8B' shall be supported as defined in TS 31.101 [3]. 

The access rule is referenced in the FCP using tag '8B'. The TLV object contains the file ID (the file ID of EF ARR ) and 
record number, or file ID (the file ID of EF ARR ), SEID and record number, pointer to the record in EF ARR where the 
access rule is stored. Each SEID refers to a record number in EF ARR . EFs having the same access rule use the same 
record reference in EF ARR . For a example EF ARR , see TS 31.101 [3]. 



7 ISIM Commands 

The commands specified in TS 31.101 [3] are supported by ISIM, with the restrictions identified in this clause. 

7.1 AUTHENTICATE 

7.1.1 Command description 

The function is used during the procedure for authenticating the ISIM to its HN and vice versa. In addition, a cipher key 
and an integrity key are calculated. For the execution of the command the ISIM uses the subscriber authentication key 
K, which is stored in the ISIM. 

The function is related to a particular ISIM and shall not be executable unless the ISIM application has been selected 
and activated, and the current directory is the ISIM ADF or any subdirectory under this ADF and a successful PIN 
verification procedure has been performed (see clause 5). 

The function shall be used whenever an IMS context shall be established, i.e. when the terminal receives a challenge 
from the IMS. 

7.1.1.1 IMS security context 

The ISIM first computes the anonymity key AK = f5 K (RAND) and retrieves the sequence number 
SQN = (SQN © AK) © AK. 

Then the ISIM computes XMAC = fl K (SQN II RAND II AMF) and compares this with the MAC which is included in 
AUTN. If they are different, the ISIM abandons the function. 

Next the ISIM verifies that the received sequence number SQN is previously unused. If it is unused and its value is 
lower than SQN MS , it shall still be accepted if it is among the last 32 sequence numbers generated. A possible 
verification method is described in TS 33.102 [4]. 

NOTE: This implies that the ISIM has to keep a list of the last used sequence numbers and the length of the list is 
at least 32 entries. 
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If the ISIM detects the sequence numbers to be invalid, this is considered as a synchronisation failure and the ISIM 
abandons the function. In this case the command response is AUTS, where: 

- A UTS = Conc(SQN MS ) W MACS; 

- Couc(SQNms) = SQNms ®f5*K(RAND) is the concealed value of the counter SQN M s in the ISIM; and 

- MACS= fl *dSQN MS 1 1 RAND 1 1 AMF) where: 

RAND is the random value received in the current user authentication request; 

the AMF assumes a dummy value of all zeroes so that it does not need to be transmitted in clear in the 
resynchronisation message. 

If the sequence number is considered in the correct range, the ISIM computes RES = f2 K (RAND), the cipher key 
CK = f3x (RAND) and the integrity key IK = f4 K (RAND) and includes these in the command response. Note that if 
this is more efficient, RES, CK and IK could also be computed earlier at any time after receiving RAND. 

The use of AMF is HN specific and while processing the command, the content of the AMF has to be interpreted in the 
appropriate manner. The AMF may e.g. be used for support of multiple algorithms or keys or for changing the size of 
lists, see TS 33.102 [4]. 



7.1 .2 Command parameters and data 



Code 


Value 


CLA 


As specified in TS 31.101 


INS 


'88' 


P1 


'00' 


P2 


See table below 


Lc 


See below 


Data 


See below 


Le 


'00', or maximum length of data expected in response 



Parameter P2 specifies the authentication context as follows: 
Coding of the reference control P2: 



Coding 
b8-b1 


Meaning 


'1 ' 


Specific reference data (e.g. DF 
specific/application dependant key) 


'-XXXXXX-' 


'000000' 


' X' 


Authentication context: 

Reserved 

1 3G IMS context 



All other codings are RFU. 
Command parameters/data: 



Byte(s) 


Description 


Length 


1 


Length of RAND (L1) 


1 


2 to (L1+1) 


RAND 


L1 


(L1+2) 


Length of AUTN (L2) 


1 


(L1+3)to 
(L1+L2+2) 


AUTN 


L2 



The coding of AUTN is described in TS 33.102 [4]. The most significant bit of RAND is coded on bit 8 of byte 2. The 
most significant bit of AUTN is coded on bit 8 of byte (Ll+3). 
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Response parameters/data, case 1, command successful: 



Byte(s) 


Description 


Length 


1 


"Successful 3G authentication" tag = 'DB' 


1 


2 


Length of RES (L3) 


1 


3 to (L3+2) 


RES 


L3 


(L3+3) 


Length of CK (L4) 


1 


(L3+4) to 
(L3+L4+3) 


CK 


L4 


(L3+L4+4) 


Length of IK (L5) 


1 


(L3+L4+5) to 
(L3+L4+L5+4) 


IK 


L5 



The most significant bit of RES is coded on bit 8 of byte 3. The most significant bit of CK is coded on bit 8 of byte 
(L3+4). The most significant bit of IK is coded on bit 8 of byte (L3+L4+5). 

Response parameters/data, case 2, synchronization failure: 



Byte(s) 


Description 


Length 


1 


"Synchronisation failure" tag = 'DC 


1 


2 


Length of AUTS(L1) 


1 


3to(L1+2) 


AUTS 


L1 



The coding of AUTS is described in TS 3 3 . 1 02 [4] . The most significant bit of AUTS is coded on bit 8 of byte 3 . 

7.1 .3 Status Conditions Returned by the ISIM 

Status of the card after processing of the command is coded in the status bytes S Wl and SW2. This subclause specifies 
coding of the status bytes in the following tables. 



7.1.3.1 



Security management 



SW1 


SW2 


Error description 


'98' 


'62' 


- Authentication error, incorrect MAC 



ETSI 



3GPP TS 31.103 version 5.13.1 Release 5 



19 



ETSI TS 131 103 V5.13.1 (2007-06) 



7.1.3.2 Status Words of the Commands 

The following table shows for each command the possible status conditions returned (marked by an asterisk *). 

Commands and status words 



Status Words 


AUTHENTICATE 


90 00 


* 


91 XX 


* 


93 00 




98 50 




98 62 


* 


62 00 


* 


62 81 




62 82 




62 83 




63 CX 




64 00 


* 


65 00 


* 


65 81 


* 


67 00 


* 


67 XX - (see note) 


* 


68 00 


* 


68 81 


* 


68 82 


* 


69 81 




69 82 


* 


69 83 




69 84 


* 


69 85 


* 


69 86 




6A80 




6A81 


* 


6A82 




6A83 




6A86 


* 


6A87 




6A88 


* 


6B00 


* 


6E00 


* 


6F00 


* 


6F XX - (see note) 


* 


NOTE: Except SW2 = '00'. 



7.2 



GET CHALLENGE 



The GET CHALLENGE command is optional for the ISIM application. 



8 



UICC Characteristics 



8.1 Voltage classes 



A UICC holding an ISIM application shall support at least two consecutive voltage classes as defined in TS 31.101 [3], 
e.g. AB or BC. If the UICC supports more than two classes, they shall all be consecutive, e.g. ABC. 
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8.2 File Control Parameters (FCP) 



This subclause defines the contents of the data objects which are part of the FCP information where there is a difference 
compared to the values as specified in TS 31.101 [3]. This subclause also specifies values for data objects in the FCP 
information where there is no exact value given in TS 31.101 [3] and there is a need for such from the ISIM application 
point of view. 

8.2.1 Minimum application clock frequency 

This data object is indicated by tag '82' in the proprietary constructed data object in the FCP information, identified by 
tag 'A5', as defined in TS 31.101 [3], This data object specifies the minimum clock frequency to be provided by the 
terminal during the ISIM session. The value indicated in this data object shall not exceed 3 MHz, corresponding to 'IE'. 
The terminal shall use a clock frequency between the value specified by this data object and the maximum clock 
frequency for the UICC as defined in TS 31.101 [3], If this data object is not present in the FCP response or the value is 
FF' then the terminal shall assume that the minimum clock frequency is 1 MHz. 



8.3 Interface protocol 



No extra guard time, indicated in TC 1 in the ATR, needs to be supported when sending characters from the terminal to 
the card. The terminal may reject a UICC indicating values other than or 255 in TCI. 

NOTE : In previous versions of this release a value for the time between the start bit of the last character received 
by the UICC or the terminal and the start bit of the first character sent in opposite direction for T=0 has 
been referenced to as 16 etu. 

8.4 PPS procedure 

If the value of TA1 in the ATR is not '1 1' or '01', the PPS procedure shall be used. 

When the terminal does not support or cannot recognize the values indicated by the card in character TA1 of the ATR, 
it shall initiate at least one PPS procedure indicating Fi and Di values specified in TS 31.101 [3] before issuing a PPS 
with default values. 



ETSI 



3GPP TS 31.103 version 5.13.1 Release 5 



21 



ETSI TS 131 103 V5.13.1 (2007-06) 



Annex A (informative): 

EF changes via Data Download or CAT applications 

This annex defines if changing the content of an EF by the network (e.g. by sending an SMS), or by a CAT Application 
[22], is advisable. Updating of certain EFs "over the air" could result in unpredictable behavior of the UE; these are 
marked "Caution" in the table below. Certain EFs are marked "No"; under no circumstances should "over the air" 
changes of these EFs be considered. 



File identification 


Description 


Change advised 








'6F02' 


IMS private user identity 


Caution (note) 


'6F03' 


Home Network Domain Name 


Caution (note) 


'6F04' 


IMS public user identity 


Caution (note) 


'6FAD' 


Administrative Data 


Caution 


'6F06' 


Access Rule Reference 


Caution 


NOTE: If EFimpi, EF| MPU or EF DO main are changed, the UICC should issue a CAT REFRESH 
command [22]. 
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Annex B (informative): 
Tags defined in 31.103 



Tag 


Name of Data Element 


Usage 


'80' 


URI TLV data object 


IMPI, IMPU, DOMAIN 


'DB' 


Successful IMS authentication 


Response to AUTHENTICATE 


'DC 


Synchronisation failure 


Response to AUTHENTICATE 



NOTE: the value 'FF' is an invalid tag value. For ASN.l tag assignment rules see ISO/IEC 8825 [20] 
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Annex C (informative): 

Suggested contents of the EFs at pre-personalization 

If EFs have an unassigned value, it may not be clear from the main text what this value should be. This annex suggests 
values in these cases. 



File Identification 


Description 


Value 








'6F02' 


IMS private user identity 


'8000FF...FF' 


'6F03' 


Home Network Domain Name 


'8000FF...FF' 


'6F04' 


IMS public user identity 


'8000FF...FF' 


'6FAD' 


Administrative Data 


Operator dependant 


'6F06' 


Access Rule Reference 


Card issuer/operator dependant 
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Annex D (informative): 
List of SFI Values 

This annex lists SFI values assigned in the present document. 



D.1 List of SFI Values at the ISIM ADF Level 


File Identification 


SFI 


Description 








'6F02' 


'02' 


IMS private user identity 


'6F03' 


'05' 


Home Network Domain Name 


'6F04' 


'04' 


IMS public user identity 


'6 FAD' 


'03' 


Administrative Data 


'6F06' 


'06' 


Access Rule Reference 















All other SFI values are reserved for future use. 
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Annex E (informative): 

ISIM Application Session Activation / Termination 

The purpose of this annex is to illustrate the different Application Session procedures. 

Terminal UICC 

Application selection 



Application initialisation , 
procedure > 



Application initialisation 
procedure is terminated 





Select AID=ISIM 


^ 


r 


Select File 




Read Binary 




Status 






(P1='01') 


p 



Figure E.1 : ISIM Application Session Activation procedure 



Terminal 



UICC 



Application 

termination procedure 
is started 



Application termination 



r 



procedure 



-< 



Status 


^ 


(P1='02') 
Select File 




Update Binary 




Select AID=ISIM 


p 
^ 


(P2='40') 


p 



Application closure 



Figure E.2: ISIM Application Session Termination procedure 
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Annex F (informative): 
Change History 



The table below indicates all CRs that have been incorporated into the present document since it was initially approved. 



TSG#/ 
Date 


TSG Doc. 


WGdoc 


CR 


Rev 


Cat 


Subject/Comment 


New 


TP-16 












Comment: 

T#16 approved the specification to be part of Rel-5. The only 
changes to v1 .0.0 are in the references clause for the 
reference in [16] 


5.0.0 


TP-17 


TP-020211 


- 


0001 


- 


F 


Corrections 


5.1.0 


TP-18 


TP-020281 


- 


0002 


- 


F 


Replace reference to TS 31 .1 10 by reference to ETSI TS 1 01 
220 


5.2.0 


TP-18 


TP-020281 


- 


0003 


- 


F 


Management of last selected ISIM 


5.2.0 


TP-19 


TP-030019 


- 


0005 


- 


F 


Alignment with the Stage 2 terminology 


5.3.0 


TP-20 


TP-030122 


- 


0007 


- 


F 


Clarification that the home operator's network domain name is 
aSIPURI. 


5.4.0 


TP-20 


TP-030122 


- 


0009 


- 


F 


Clarification on the support of extra guardtime 


5.4.0 


TP-22 


TP-030252 


- 


0010 


- 


A 


Correction of T=0 protocol parameters 


5.5.0 


TP-23 


TP-040025 


- 


0011 


- 


F 


Essential corrections to remove Session Keys 


5.6.0 


TP-25 


TP-040182 


- 


0018 


- 


F 


Correction of PPS procedure 


5.7.0 


TP-26 


TP-040257 


- 


0020 


- 


F 


Correction of non specific references 


5.8.0 


TP-27 


TP-050019 


T3-050163 


0023 


- 


F 


Reservation of file IDs under ADF ISIM 


5.9.0 


CP-28 


CP-050136 


C6-050415 


0026 


- 


F 


ISO/IEC 7816-series revision 


5.10.0 


CP-29 


CP-050330 


C6-050730 


0028 


1 


F 


Default Record for EFIMPU 


5.11.0 


CP-30 


CP-050488 


C6-050884 


0034 




F 


Subscription related procedures 


5.12.0 


CP-30 


CP-050488 


C6-050903 


0032 




F 


Encoding of IMPI, IMPU and Domain 


5.12.0 


CP-36 


CP-070291 


C6-070315 


0046 


1 


F 


Correction of coding of home network domain name in EF- 
DOMAIN 


5.13.0 


2007-06 


- 


- 


- 


- 


- 


MCC correction to CR0046 implementation (reference to [9]) 


5.13.1 
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